2577 matches found
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : libsoup vulnerabilities (USN-8523-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8523-1 advisory. Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-leng...
SUSE-SU-2026:2702-1 Security update for libsoup
This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in libsoup’s SoupServer. A remote attacker could exploit a use-after-free vulnerability, where the soupserverdisconnect function releases connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been...
Astra Linux – Vulnerability in libsoup3
There is a vulnerability related to request smuggling in LibSoup’s HTTP/1 header parsing logic. The soupmessageheaders.AppendCommon function in libsoup/soup-message-headers.c appends each header value unconditionally, without checking for duplicates or conflicting Content-Length fields. This allo...
Astra Linux – Vulnerability in libsoup3
A flaw was discovered in the asynchronous message queue handling of the libsoup library, which is widely used by GNOME and WebKit-based applications for managing HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed...
Astra Linux – Vulnerability in libsoup2.4
A flaw was discovered in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, resulting in a buffer overread. This can allow an attacker to potentially access sensitive information or cause a denial of service at the application level...
OESA-2026-2719 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...
OESA-2026-2718 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...
OESA-2026-2717 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
Oracle Linux 9 : libsoup (ELSA-2026-19356)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19356 advisory. - Backport patch for CVE-2026-5119 - Backport patch for CVE-2026-1761 - Backport patch for CVE-2026-0719 - Backport patch for CVE-2025-14523 Tenable has...
CVE-2026-12549
The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...
CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
ROOT-OS-DEBIAN-13-CVE-2026-5119 CVE-2026-5119 in rootio-libsoup3 - Patched by Root
Root has patched CVE-2026-5119 in the rootio-libsoup3 package for Root:Debian:13. Multiple fixed versions available...
SUSE SLED15 / SLES15 Security Update : libsoup (SUSE-SU-2026:2314-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2314-1 advisory. This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in...
OESA-2026-2618 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
OESA-2026-2617 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...
OESA-2026-2616 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...
OESA-2026-2615 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...
EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2298)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...